Create a security officer

Prerequisite: To create a security officer, you need the right to display and create security officers.

  1. In the SafeGuard Management Center, select Security Officers.
  2. In the navigation window, right-click the security officer node under which you want to place the new security officer and select New > New Security Officer.
  3. Make the relevant entries in the New security officer dialog:
    Field/check box: Description

    Enabled: The security officer can be deactivated until further notice. A deactivated security officer exists in the system but cannot yet log on to the SafeGuard Management Center. They can only log on and perform their administrative tasks once another security officer activates them.

    Name: Enter the name of the security officer as provided in the cn= entry of the certificates created by SafeGuard Enterprise. The security officer is also displayed under this name in the SafeGuard Management Center navigation window. This name must be unique. Maximum value: 256 characters.

    Description: Optional. Maximum value: 256 characters.

    Cell phone: Optional. Maximum value: 128 characters.

    E-Mail: Optional. Maximum value: 256 characters.

    Validity: Select the dates from which and until which the security officer should be able to log on to the SafeGuard Management Center.

    Token logon: The logon can be done in the following ways:

      No token: The security officer may not log on with a token. They have to log on with their credentials (user name/password).

      Optional: Logon can be either with a token or with the credentials. The security officer is free to choose.

      Mandatory: A token has to be used to log on. To do this, the private key that belongs to the security officer's certificate must be on the token.

    Certificate: A security officer always needs a certificate to log on to the SafeGuard Management Center. The certificate can either be created by SafeGuard Enterprise or an existing one can be used. If token logon is essential, the certificate has to be added to the security officer's token.

      Create: The certificate and key file are newly created and saved in a selected location. Enter and confirm a password for the .p12 key file. The .p12 file must be available to the security officer when logging on. The certificate created is automatically assigned to the security officer and displayed in Certificate. If SafeGuard Enterprise password rules are used, password rules in Active Directory should be deactivated.

      Note: Max. length of path and file name: 260 characters. When creating a security officer, the certificate's public part is sufficient. When logging on to the SafeGuard Management Center, however, the certificate's private part (the key file) is also required. If it is not available in the database, it must be available to the security officer (for example on a memory stick) and may be stored in the certificate store during logon.

      Certificate Import: An existing certificate is used, which is assigned to the security officer during import. If the import is from a .p12 key file, the certificate's password must be known.

      If a PKCS#12 certificate container is selected, all certificates are loaded into the list of assignable certificates. The certificate is then assigned after the import by selecting it from the drop-down list.

    Security Officer Roles:

      Roles: Predefined or custom roles can be assigned to the security officer. The rights associated with each role are displayed under Action Permitted in the action area when clicking the respective role, or when right-clicking the security officer and selecting Properties, Actions. More than one role can be assigned to a user.

  4. Click OK to confirm.

The new security officer is displayed in the navigation window under the respective Security Officers node. Their properties can be displayed by selecting the respective security officer in the navigation window. The security officer can log on to the SafeGuard Management Center with the name displayed. Next, you need to assign directory objects/domains to the security officer so that they can perform their tasks.
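
Before importing an existing certificate, it helps to see which certificates a PKCS#12 container holds, what their cn= values are, and when they expire. The following shell script is an added example, not part of the SafeGuard Enterprise product or its documentation; it assumes the openssl command-line tool, and its function names, file names, CN and password are constructed for illustration.

```shell
#!/bin/sh
# Added example (not product code): inspect a PKCS#12 container before import.
# Assumes the openssl CLI; file names, the CN and the password are constructed.

# Print "CN|notAfter" for every certificate in container $1.
# $2 is an openssl pass phrase source such as env:P12_PASS, which keeps the
# password out of the process list.
list_p12_certs() {
    tmp=$(mktemp -d) || return 1
    openssl pkcs12 -in "$1" -nokeys -passin "$2" 2>/dev/null |
        awk -v d="$tmp" '/-BEGIN CERTIFICATE-/ { n++; on = 1 }
                         on { print > (d "/cert" n ".pem") }
                         /-END CERTIFICATE-/ { on = 0 }'
    for f in "$tmp"/cert*.pem; do
        [ -f "$f" ] || continue
        # RFC2253 gives one comma-separated line; take the first CN component
        # (a CN containing an escaped comma would be cut short here).
        cn=$(openssl x509 -in "$f" -noout -subject -nameopt RFC2253 |
             sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1)
        end=$(openssl x509 -in "$f" -noout -enddate | sed 's/^notAfter=//')
        printf '%s|%s\n' "$cn" "$end"
    done
    rm -rf "$tmp"
}

# Succeed only if container $1 holds a certificate whose CN is exactly $3.
has_cert_for() {
    list_p12_certs "$1" "$2" | cut -d'|' -f1 | grep -Fxq -- "$3"
}

# Build a constructed self-signed certificate and .p12 in directory $1.
make_sample_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=SO Alice Example" \
        -keyout "$1/so.key" -out "$1/so.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/so.key" -in "$1/so.crt" \
        -out "$1/so.p12" -passout env:P12_PASS 2>/dev/null
}

# Demo on constructed data.
P12_PASS='Constructed-Pass-1'; export P12_PASS
demo=$(mktemp -d)
make_sample_p12 "$demo" && list_p12_certs "$demo/so.p12" env:P12_PASS
has_cert_for "$demo/so.p12" env:P12_PASS "SO Alice Example" && echo "CN matches"
rm -rf "$demo"
```

A wrong password yields no output from list_p12_certs, so an empty listing means the container could not be opened, not that it holds no certificates.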